package com.common;

import org.apache.commons.lang3.StringUtils;
import org.owasp.esapi.ESAPI;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.convert.converter.Converter;

public class DataConverter implements Converter<String, String> {

    private final String[] XSS_FILTER_CHARACTERS = {"<", ">"};
    @Value("${FILE.SYSTEM.SERVER}")
    private String FILE_SYSTEM_SERVER;

    @Override
    public String convert(String source) {
        if (StringUtils.isBlank(source)) {
            source = null;
        } else {
            /*XSS攻击防止...*/
            for (String filterCharacter : XSS_FILTER_CHARACTERS) {
                if (source.contains(filterCharacter)) {
                    source = source.replaceAll(filterCharacter, ESAPI.encoder().encodeForHTML(filterCharacter));
                }
            }
        }
        return source;
    }
}